Custom password policy allows you to change minimum password length, password history, set lock out and expiration rules.
By default password should consist of at least 8 characters. Passwords must not contain username. Password can't include username as its part. Last 4 passwords can't be reused. Password must contain characters from 3 of the following categories:
- English uppercase characters (A-Z)
- English lowercase characters (a-z)
- Numbers (0-9)
- Special characters (e.g., ! $ # %)
Custom Password Policy cannot be less complicated than the default one.
Important: If you utilize UserPilot service, you can only set up a custom password policy for the users in your own Active Directory.
You can set up a custom password policy for users on your Exchange account in HostPilot® Control Panel > Users > Password Policies y or HostPilot® Control Panel > Services > Compliance > Policies.
On this page, you can:
By default all users have ability to reset/recover their password. If the user knows their current password it can be reset in My Services. Read knowledge Base article on How Do I Reset The Password For A Mailbox? Can I Reset The Password In OWA? for more information. If the user doesn't know their password it can be recovered through "Forgot your password" option. Read knowledge Base article on How Do I Recover My Mailbox Password? for instructions.
If you check Users cannot change password box and save changes it will result in following:
- users will not have permissions to reset/recover their password
- users will not be prompted to add alternate email address of cell phone information when logging into My Services
- users will not be getting emails about password expiring
Note: Policy setting Users cannot change password applies to all users. If you want to restrict specific user(s) to change password it can be done on individual user's settings page. Read knowledge Base article on How Do I Manage User Password Settings for more information.
You can force users to change the password on next logon. Here is what the user will see when trying to login to Outlook Web Access (OWA):
Here is how Outlook notification looks like:
Once they receive a notification in Outlook, they will need to change the password by trying to login to OWA or to My Services Control Panel.
You can specify the following settings:
- minimum password length (min 8, max 127)
- password expiration period (30, 60, 90, 180 and 365 days periods are available)
Note: the first password expiration notification is sent 5 days before the expiration date.
- password history
- user lock
If you enable password expiration you can check expiration date for individual user by navigating to HostPilot > Users > Click on Display Name of the user > Edit User Password Settings
If you choose to unlock the user Manually, they will receive the following notification once locked:
To unlock them go to HostPilot > Users > click on a user > click Unlock.